
AI Expert
Johnie T Young is an AI expert and governance practitioner with deep experience helping fast-moving technology companies implement responsible AI practices at small-team scale. With a focus on practical, actionable frameworks, Johnie built AI Policy Desk to close the gap between enterprise-grade compliance tooling and the real-world needs of lean product teams. Before founding AI Policy Desk, Johnie worked across a range of technology companies advising on AI risk management, GDPR readiness, and EU AI Act compliance. With the rapid emergence of AI regulation globally, Johnie identified a clear need: governance resources written for 10-person teams, not Fortune 500 legal departments — practical templates, checklists, and guides that teams can pick up and use today.
219 articles by Johnie T Young
AI credit and lending decisions trigger CFPB adverse action notice requirements, FCRA accuracy obligations, and EU AI Act high-risk classification. Templates and compliance steps.
AI hiring tools are classified high-risk under the EU AI Act. What that means: impact assessments, bias testing, candidate disclosure, and EEOC disparate impact requirements.
Claude, Azure OpenAI, Vertex AI, OpenAI, and Mistral all offer zero-training configs. Includes GDPR Article 28 DPA templates, CCPA service provider terms, and EU data residency options.
4 TypeScript modules for AI agent security incidents: prompt injection detector, circuit breaker, audit logger, tool authorization gate. Express and Next.js compatible with full Vitest test suite.
Small health‑care teams face a growing maze of federal and state national security rules that tighten health data security, demanding compliance strategies
DOJ's Bulk Data Rule compels small health teams to keep data in the US, ban foreign tools, and enforce health data security as security laws tighten.
AI supply chain attacks: contractor gets infected, tokens stolen, your systems hit. Checklist to map vendor exposure, scope access, and respond within 24 hours.
AI features in VDRs create data handling and compliance obligations. Access controls, training opt-outs, and audit log requirements before enabling VDR AI.
30-question AI vendor due diligence checklist: security, data handling, compliance, and contract terms. Pass/fail criteria for each. Copy into your review.
Amazon KDP AI disclosure official requirements 2026: the exact checkbox wording, how Amazon distinguishes AI-generated from AI-assisted, what readers actually see, and 5 real enforcement scenarios. Decision flowchart included, no guessing which box to check.
Copilot and Cursor send source code to vendor servers. IP risk, licensing exposure, and the org settings and policy rules engineering teams need to govern this.
Musk OpenAI lawsuit exposes corporate governance risks in AI labs. Lessons from Elon Musk vs. Sam Altman on trust, mission drift, and safeguards. Practical